4.1.11 Moodle Package for Windows

4.1.11 Moodle Package for Windows

par Blair F.,
Nombre de réponses : 4
Avatar Particularly helpful Moodlers

I hope this is the correct forum for my question.

I often install Moodle Packages for Windows on my local systems so that I can test or preview upcoming versions before we actually install them on our development server (That part is done by someone else). I've been doing this for years.

Today, I was contacted by our cyber security guy telling me to remove the Moodle 4.1.11 package I had installed because the PHP was "critically vulnerable." This stuff is beyond my know-how and interest, so I just did as I was told. 

Is there a way for me to install the 4.1.11 Moodle Package for Windows while including an updated version of PHP? Is it just a matter of replacing the contents of the PHP folder with perhaps the contents from a newer version of Moodle BEFORE I run the install?

By that, I mean..

  1. Download and unzip the contents of the 4.1.11 package
  2. Download and unzip the contents of a newer package (hopefully one with a newer PHP version)
  3. Replace the PHP contents of 1 with that of 2
  4. Run the local installation process for the 4.1.11 package

Would that work?

Moyenne des évaluations  -
En réponse à Blair F.

Re: 4.1.11 Moodle Package for Windows

par Howard Miller,
Avatar Core developers Avatar Documentation writers Avatar Particularly helpful Moodlers Avatar Peer reviewers Avatar Plugin developers
There was a vulnerability for PHP announced recently. I didn't take much notice because it was Windows, but I'm reasonably sure it was specific to IIS, not Apache. XAMPP runs Apache. In which case, no vulnerability.
 
EDIT:
I'm talking rubbish again. It WAS Apache on Windows triste
 
https://nvd.nist.gov/vuln/detail/CVE-2024-4577
Moyenne des évaluations Useful (2)
En réponse à Howard Miller

Re: 4.1.11 Moodle Package for Windows

par Blair F.,
Avatar Particularly helpful Moodlers
Gosh. From that, it looks like ALL of the Window Packages use vulnerable PHP versions. So much for my idea of replacing the PHP folder.
Moyenne des évaluations  -
En réponse à Blair F.

Re: 4.1.11 Moodle Package for Windows

par Ken Task,
Avatar Particularly helpful Moodlers

In light of issues, question ... what platform does your production server run?

In looking at local host packages like XAMPP/MAMP, etc. historically, yeah they were great back during dial up days - TCP/IP stack apps on machine that had no internet connection except 'world wide wait'.   But today?

Much better off today using a 'sandbox' moodle for testing on the same platform as your server if at all possible - for all reasons - including security!  Concept that many still struggle with ... networking comes before application.

And I'll go a step further .... install and maintain that sandbox using git versioning ... command line only.   Once you get that down you will wonder why you hadn't tried it before! sourire

'SoS', Ken

Moyenne des évaluations  -